Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | b3192bb4db68dc1fd99aec8712308f09
|
| Sha1 | 05fcd1c9fe344e7e369bbfa6509383ada2fcc906
|
| Sha256 | e9b5746dc2f2d63914359e06ceada4c4ca8bef0233bee97736f87304cfb5ef17
|
| Sha384 | 42dedf8df24bc79012f67a658a7e02e8a245f5b7759a707dad33b74253237e14a881680bf47f19d4d61ec971b86dd5ce
|
| Sha512 | abe05682daa1b52f9d8c6ee5f1c81acc14e59871d472cd4135744c7b8b53e38f937bab78844ee6e9ca4889d7f38671b60508abab31ab6893f2364813dc51f651
|
| SSDeep | 12288:4C5CcoYyKhJr3z+oK5jJacStCxLY4yxC6UoSl3EBiHwlpvl:4t4VyoK5McE0CA3EwUl
|
| TLSH | 4FC4014ABF844BA5C96832B9D1CB541403F6EE8736F3D7473B5842CA1E817E4D962B88
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Ygtnj.exe |
| Full Name | Ygtnj.exe |
| EntryPoint | System.Void q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH::SIEImRedn() |
| Scope Name | Ygtnj.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Ygtnj |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 39 |
| Main Method | System.Void q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH::SIEImRedn() |
| Main IL Instruction Count | 90 |
| Main IL | ldc.i4 3 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 991 beq IL_0009: ldloc V_1 br IL_0036: nop ret <null> nop <null> ldsfld System.Threading.ThreadStart q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c::fnht0TCFh dup <null> brfalse IL_0047: pop br IL_00AF: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldc.i4 5 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_e9be90906f5f44c3a7fe0b26426ff022 brtrue IL_0079: switch(IL_0099,IL_00DD) pop <null> ldc.i4 0 br IL_0079: switch(IL_0099,IL_00DD) br IL_0075: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_0075: ldloc V_0 br IL_0099: ldsfld q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c::jpT3BnjVg ldsfld q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c::jpT3BnjVg ldftn System.Void q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c::sVcrPpXEt() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c::fnht0TCFh newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) ldsfld rb71Yp61jiGlbhhFFqV rb71Yp61jiGlbhhFFqV::F0n6Fx4Luf call System.Void rb71Yp61jiGlbhhFFqV::vjb6tw7pJL(System.Object,rb71Yp61jiGlbhhFFqV) ldc.i4 1 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_2e8e74e6e9804ca48670065cf7ee5bae brtrue IL_0079: switch(IL_0099,IL_00DD) pop <null> ldc.i4 3 br IL_0079: switch(IL_0099,IL_00DD) leave IL_017D: ldsfld sboxiZ6ZHhfyfMQrXJ6 sboxiZ6ZHhfyfMQrXJ6::QS86q6UuR2 pop <null> ldc.i4 0 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_e951c480c5b445798e9a8b30a94e04d0 brtrue IL_0114: switch(IL_0130) pop <null> ldc.i4 2 br IL_0114: switch(IL_0130) br IL_0110: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_0110: ldloc V_2 br IL_0130: leave IL_017D leave IL_017D: ldsfld sboxiZ6ZHhfyfMQrXJ6 sboxiZ6ZHhfyfMQrXJ6::QS86q6UuR2 ldc.i4 1 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_0d649eb66f3d420c81aeb993a95a96cd brfalse IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) pop <null> ldc.i4 3 br IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) ldsfld IvGnHn6J8lC6dfuoGLJ IvGnHn6J8lC6dfuoGLJ::j6l6ngGQ6o call System.Void IvGnHn6J8lC6dfuoGLJ::vjb6tw7pJL(IvGnHn6J8lC6dfuoGLJ) ldc.i4 2 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_f2ccf7f05f1341bc9b423aedc00ad82d brfalse IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) pop <null> ldc.i4 0 br IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) ldsfld sboxiZ6ZHhfyfMQrXJ6 sboxiZ6ZHhfyfMQrXJ6::QS86q6UuR2 call System.Void sboxiZ6ZHhfyfMQrXJ6::vjb6tw7pJL(sboxiZ6ZHhfyfMQrXJ6) ldc.i4 0 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_f2ccf7f05f1341bc9b423aedc00ad82d brfalse IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) pop <null> ldc.i4 5 br IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) |
| Module Name | Ygtnj.exe |
| Full Name | Ygtnj.exe |
| EntryPoint | System.Void q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH::SIEImRedn() |
| Scope Name | Ygtnj.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Ygtnj |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 39 |
| Main Method | System.Void q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH::SIEImRedn() |
| Main IL Instruction Count | 90 |
| Main IL | ldc.i4 3 stloc V_1 ldloc V_1 switch dnlib.DotNet.Emit.Instruction[] ldloc V_1 ldc.i4 991 beq IL_0009: ldloc V_1 br IL_0036: nop ret <null> nop <null> ldsfld System.Threading.ThreadStart q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c::fnht0TCFh dup <null> brfalse IL_0047: pop br IL_00AF: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldc.i4 5 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_e9be90906f5f44c3a7fe0b26426ff022 brtrue IL_0079: switch(IL_0099,IL_00DD) pop <null> ldc.i4 0 br IL_0079: switch(IL_0099,IL_00DD) br IL_0075: ldloc V_0 ldc.i4 0 stloc V_0 ldloc V_0 switch dnlib.DotNet.Emit.Instruction[] ldloc V_0 ldc.i4 989 beq IL_0075: ldloc V_0 br IL_0099: ldsfld q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c::jpT3BnjVg ldsfld q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c::jpT3BnjVg ldftn System.Void q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c::sVcrPpXEt() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart q7Py39exf2qOMg4Yo8.sonkqvPqlkU8yy9uxH/<>c::fnht0TCFh newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) ldsfld rb71Yp61jiGlbhhFFqV rb71Yp61jiGlbhhFFqV::F0n6Fx4Luf call System.Void rb71Yp61jiGlbhhFFqV::vjb6tw7pJL(System.Object,rb71Yp61jiGlbhhFFqV) ldc.i4 1 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_2e8e74e6e9804ca48670065cf7ee5bae brtrue IL_0079: switch(IL_0099,IL_00DD) pop <null> ldc.i4 3 br IL_0079: switch(IL_0099,IL_00DD) leave IL_017D: ldsfld sboxiZ6ZHhfyfMQrXJ6 sboxiZ6ZHhfyfMQrXJ6::QS86q6UuR2 pop <null> ldc.i4 0 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_e951c480c5b445798e9a8b30a94e04d0 brtrue IL_0114: switch(IL_0130) pop <null> ldc.i4 2 br IL_0114: switch(IL_0130) br IL_0110: ldloc V_2 ldc.i4 0 stloc V_2 ldloc V_2 switch dnlib.DotNet.Emit.Instruction[] ldloc V_2 ldc.i4 988 beq IL_0110: ldloc V_2 br IL_0130: leave IL_017D leave IL_017D: ldsfld sboxiZ6ZHhfyfMQrXJ6 sboxiZ6ZHhfyfMQrXJ6::QS86q6UuR2 ldc.i4 1 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_0d649eb66f3d420c81aeb993a95a96cd brfalse IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) pop <null> ldc.i4 3 br IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) ldsfld IvGnHn6J8lC6dfuoGLJ IvGnHn6J8lC6dfuoGLJ::j6l6ngGQ6o call System.Void IvGnHn6J8lC6dfuoGLJ::vjb6tw7pJL(IvGnHn6J8lC6dfuoGLJ) ldc.i4 2 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_f2ccf7f05f1341bc9b423aedc00ad82d brfalse IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) pop <null> ldc.i4 0 br IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) ldsfld sboxiZ6ZHhfyfMQrXJ6 sboxiZ6ZHhfyfMQrXJ6::QS86q6UuR2 call System.Void sboxiZ6ZHhfyfMQrXJ6::vjb6tw7pJL(sboxiZ6ZHhfyfMQrXJ6) ldc.i4 0 ldsfld <Module>{232b202a-2670-4ea9-9611-948bae7dca16} <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_9320fcf7d99f498cb41ce0e169fcacc3 ldfld System.Int32 <Module>{232b202a-2670-4ea9-9611-948bae7dca16}::m_f2ccf7f05f1341bc9b423aedc00ad82d brfalse IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) pop <null> ldc.i4 5 br IL_000D: switch(IL_0035,IL_017D,IL_0036,IL_0154) |